13 matches found
CVE-2026-7429
CVE-2026-7429 affects SSCMS v7.4.0 and describes a reflected cross‑site scripting flaw in the STL processing endpoint. The vulnerability arises from improper output encoding in the /api/stl/actions/dynamic endpoint, where malicious STL template payloads can be decrypted and returned without sanit...
PT-2026-21824
Name of the Vulnerable Software and Affected Versions OpenEMR versions prior to 7.0.4 Description OpenEMR is an open source electronic health records and medical practice management application. Prior to version 7.0.4, the disposeDocument method in EtherFaxActions.php allows authenticated users t...
CVE-2025-64379 WordPress Booster for WooCommerce plugin <= 7.4.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster for WooCommerce: from n/a through = 7.4.0...
Korzh EasyQuery SQL注入漏洞
Korzh EasyQuery is a query builder software from Korzh. A SQL injection vulnerability exists in Korzh EasyQuery 7.4.0 and earlier versions, which stems from improper handling of files/api/easyquery/models/nwind/fetch in the Query Builder UI component, which can lead to SQL injection attacks...
CVE-2023-24735
PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opaccss/pmb.php. This vulnerability allows attackers to redirect victim users to an external domain via a crafted URL...
CVE-2023-6874
Prior to v7.4.0, Ember ZNet is vulnerable to a denial of service attack through manipulation of the NWK sequence number...
SiSMART 安全漏洞
SiSMART is a content management system from SiSMART, Inc. A security vulnerability exists in SiSMART version 7.4.0 that stems from the presence of an insecure direct object reference in the dashboard that allows an attacker to perform a horizontal-privilege upgrade...
PT-2021-5346 · Php +2 · Php +2
Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.30 PHP versions 7.4.x through 7.4.23 PHP versions 8.0.x through 8.0.10 Description: The issue arises from the incorrect restriction of the path name to a directory with limited access in the ZipArchive::extractT...
DEBIAN-CVE-2021-32640
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected]...
Pandora FMS Remote Code Execution Vulnerability
Pandora FMS is an open source application , used to monitor the site's various activities , it can receive real-time monitoring reports , and sent to your designated mailbox , you can also send via e-mail , SMS . A remote code execution vulnerability exists in Pandora FMS 7.42 and earlier version...
Unspecified Vulnerability in Comtech Telecommunications Stampede FX-1010 (CNVD-2020-14359)
The Comtech Telecommunications Stampede FX-1010 is a data center product from Comtech Telecommunications. A security vulnerability exists in the Comtech Telecommunications Stampede FX-1010 version 7.4.3. A remote attacker can exploit this vulnerability by navigating to the Diagnostics Trace Route...
NetIQ Sentinel Arbitrary Code Execution Vulnerability
NetIQ Sentinel is a Security Information and Event Management SIEM solution from NetIQ USA. A security vulnerability exists in NetIQ Sentinel version 7.4x, which can be exploited by an attacker to execute arbitrary code in an affected application...
SAP NetWeaver Java AS RTC Service Information Disclosure Vulnerability
SAP NetWeaver is SAP's integrated technology platform and the technology foundation for all SAP applications since SAP Business Suite. A security vulnerability exists in the chat function of the RTC service in SAP NetWeaver Java AS version 7.4, which can be exploited by remote attackers to obtain...